Adobe has just released yet another security bulletin, warning of a currently exploited security hole in Flash.

InfoWorld|Sep 14, 2010

In what's become an all-too-familiar refrain, Adobe has released yet another security bulletin, APSA 10-03, giving very few details about a new zero-day hole in Flash. The hole apparently exists not only on Windows systems, but also Mac, Linux, Solaris, and Android.

The zero-day security flaw "could cause a crash and potentially allow an attacker to take control of the affected system." Adobe further advises, "There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows."

In a different twist, the same security hole also bedevils Adobe's Acrobat and Reader, according to Adobe, leaving them both exposed to the same kind of exploit. Blame the Flash player embedded in Reader.

Adobe says it plans to have a fix available for Flash during the week of Sept. 27.

Adobe's playing this one very close to the chest -- I've seen no details about the hole on any of the usual hacking sites. The security bulletin says, "Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available." It could be -- but if true, none of that information has leaked, at least as of this writing.

Keep an eye out for this one, folks. It will take a while for the antivirus, IDS/IPS, and other vendors to catch up and detect the malware that exploits the vulnerability, although by that point the affected box may well be compromised, as most of them detect after the exploit has already taken place. Since the vendor released the advisory after being notified that exploits are already occurring against Windows boxes, it is recommended to explore workarounds for mitigation, detection of already compromised hosts, and cleanup.

Woody Leonhard writes computer books, primarily about Windows and Office; he's currently working on the Win 10 follow-up to the thousand-page "Windows 8.1 All-in-One for Dummies." A self-described "Windows victim," Woody specializes in telling the truth about Windows in a way that won't put you to sleep.